Time to finally break away from the Wiegand format?

August 2015 IT infrastructure, News

The Wiegand interface, which rose to popularity in the 1980s, has long been accepted by the access control industry as the de facto wiring standard for interfacing between access controllers and various card or biometric readers.

As usual, the longer a technology is around, the more methods of exploiting its flaws will be found. Wiegand devices by their very nature tend to be unsupervised devices which can mean that they are the perfect attack targets for entry into secure areas – be it parliamentary buildings, airports, schools or other highly sensitive points.

The devices that are used for identifying the person attempting to attain access vary from extremely advanced (and expensive) retina, fingerprint or facial scanners through to proximity cards wielding the latest in secure storage and encrypted communication protocols. This information is then sent across insecure wires to a controller that also communicates using the latest in security.

Micro sensors that are put in place to ensure that the devices are not tampered with are ironically often disabled to make for easier servicing, do not have any method of feeding the alarm state back to a security centre, or only disable the device itself when active.

A Google search for the term ‘Hacking Wiegand Protocol’ will reveal many attacks that can be used against access control systems that employ this wiring system, including man-in-the-middle attacks whereby the CEO’s access control identification can be captured and replayed at a later point – this using a bottom-of-the-line and cheapest microcontroller with some fairly simple firmware.

There are various other issues that present themselves; including wiring length, number of wiring cores required to service the full interface, lack of encryption, overlap of card numbers and mostly unidirectional capabilities.

The access controllers or devices that use this wiring standard are not to blame for the on-going use and proliferation of this protocol as it has been used in the industry for so long that it has become ‘part of the furniture’ and accepted as the most common method for interconnectivity.

Tackling all of these challenges and allowing different devices and systems to communicate with each other seamlessly is a fairly complex task which has been taken on by the Security Industry Association (SIA). The protocol that has emerged is called OSDP (Open Supervised Device Protocol).

OSDP has been developed to communicate over two data lines and one earth line which makes it the perfect fit for RS-485 multi-drop communications, however it can also be extended to communicate over TCP/IP. Encryption has been built into the protocol, along with checksums for ensuring data integrity and monitoring capabilities to be able to tell when a device is damaged, offline or being tampered with.

Barend Keyser, Saflec.
Barend Keyser, Saflec.

As the access control industry starts to implement this protocol and the standard becomes more accepted there will be more and more devices that support OSDP and less that will implement Wiegand.

As a company, Saflec Systems has decided to start the migration process and has partnered with a number of companies, including Virdi (a popular biometrics provider) and HID to ensure that its solution is on the forefront of this OSDP revolution.

The new SDC-6xx controller range will support the OSDP protocol, and the new display reader soon to be released will also incorporate the protocol.

As the popular idiom goes – “a chain is only as strong as its weakest link”. It’s time to stop relying on this particular link.

For more information contact Saflec Systems, +27 (0)11 477 4760, [email protected], www.safsys.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cyber resilience is more than cybersecurity
Technews Publishing Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Read more...
Hikvision aims for solutions
Technews Publishing Hikvision South Africa Editor's Choice CCTV, Surveillance & Remote Monitoring News Integrated Solutions Conferences & Events
Hikvision recently held a roadshow titled Industry X, where the company highlighted its latest products and solutions, supported by partners and distributors.

Read more...
Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

Read more...
ZYTEQ Fire Engineering Summit 2022
ZYTEQ Fire Fire & Safety News
Cape Town-based ZYTEQ Fire hosted its inaugural Engineering Summit at the Commodore Hotel in Cape Town and the Leonardo Hotel in Sandton, Johannesburg.

Read more...
Infinidat a leader in ransomware protection
IT infrastructure Products
InfiniSafe brings together the key foundational requirements essential for delivering comprehensive cyber-recovery capabilities with immutable snapshots, logical air-gapped protection, a fenced forensic network, and near-instantaneous recovery of backups of any repository size.

Read more...
What’s the difference between SASE, SD-WAN and SSE?
IT infrastructure
When it comes to the wide area network (WAN), the letter ‘S’ plays a pivotal role – from SASE to SD-WAN to SSE – but there can be some confusion with so many WAN ‘S’ acronyms.

Read more...
Cold chain integrity in real time
Technews Publishing Editor's Choice Asset Management, EAS, RFID IT infrastructure Transport (Industry) Logistics (Industry)
DeltaTrak offers real-time farm-to-fork IoT monitoring of the cold chain to ensure every step of the journey is recorded and verifiable via the cloud.

Read more...
Nomad launches early adopter programme
Editor's Choice News Integrated Solutions Smart Home Automation
Participants in Nomad’s Early Adopter Programme will receive 10% of their volume order to facilitate testing before the commercial launch later this year.

Read more...
BCX and Alibaba Cloud confirm partnership
News IT infrastructure
BCX and Alibaba Cloud have formed a partnership to bring cloud technologies to businesses in South Africa to drive local digitalisation.

Read more...
IoV – the cutting edge of vehicle automation
Integrated Solutions IT infrastructure Transport (Industry) Logistics (Industry)
Today’s cars have become bona fide connected machines and not merely an extension of our mobile devices such as smartphones.

Read more...